For compliance reasons we have to turn off Basic Authentication on our Azure Web Apps.

We are using a service principal in our Azure DevOps pipeline, but it fails without Basic Authentication. I think it may be downloading the publish profile using the service principal. Is there any way to not use Basic Authentication with the following deploy step:

- task: AzureRmWebAppDeployment@4
  inputs:
    ConnectionType: 'AzureRM'
    azureSubscription: '<service principal name>'
    appType: 'webApp'
    WebAppName: '<webapp name>'
    packageForLinux: '$(Build.ArtifactStagingDirectory)/**/DeployApp.zip'

2 Answers


  1. I created one Azure DevOps service connection like below:-

    The Service Principal I used for creating the Service connection has the Owner role at the Subscription level. To deploy a Web app or any Azure resource, make sure you have at least the Contributor or Owner role assigned to the Service Principal you're using for Web app deployment, like below:-

    Now, I used the same service principal in my Web app Build and Deployment task like below:-

    My yaml pipeline script:-

    trigger:
    - master
    
    variables:
    
      # Web app name
      webAppName: 'silicon-webapp'
    
      # Agent VM image name
      vmImageName: 'ubuntu-latest'
    
      # Environment name
      environmentName: 'silicon-webapp'
    
      # Project root folder. Point to the folder containing manage.py file.
      projectRoot: $(System.DefaultWorkingDirectory)/mysite
    
      # Python version: 3.11
      pythonVersion: '3.11'
    
    stages:
    - stage: Build
      displayName: Build stage
      jobs:
      - job: BuildJob
        pool:
          vmImage: $(vmImageName)
        steps:
        - task: UsePythonVersion@0
          inputs:
            versionSpec: '$(pythonVersion)'
          displayName: 'Use Python $(pythonVersion)'
    
        - script: |
            python -m venv antenv
            source antenv/bin/activate
            python -m pip install --upgrade pip
            pip install setup
            pip install -r requirements.txt
          workingDirectory: $(projectRoot)
          displayName: "Install requirements"
    
        - task: ArchiveFiles@2
          displayName: 'Archive files'
          inputs:
            rootFolderOrFile: '$(projectRoot)'
            includeRootFolder: false
            archiveType: zip
            archiveFile: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
            replaceExistingArchive: true
    
        - upload: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
          displayName: 'Upload package'
          artifact: drop
    
    - stage: Deploy
      displayName: 'Deploy Web App'
      dependsOn: Build
      condition: succeeded()
      jobs:
      - deployment: DeploymentJob
        pool:
          vmImage: $(vmImageName)
        environment: $(environmentName)
        strategy:
          runOnce:
            deploy:
              steps:
    
              - task: UsePythonVersion@0
                inputs:
                  versionSpec: '$(pythonVersion)'
                displayName: 'Use Python version'
    
              - task: AzureWebApp@1
                displayName: 'Deploy Azure Web App : silicon-webapp'
                inputs:
                  azureSubscription: 'azuredevopswebapp'
                  appType: 'webAppLinux'
                  appName: 'silicon-webapp'
                  package: '$(Pipeline.Workspace)/drop/$(Build.BuildId).zip'
    

    The Build job and Deployment job succeeded, like below:-

  2. Does it also work if the service principal has contributor role in the resource group where app service is deployed?
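
Both answers turn on which role the deployment service principal holds and at what scope. As an added example (not code from either poster), this Python check takes role assignments in the JSON shape printed by `az role assignment list` and lists service principals that hold Owner anywhere, or another privileged role above resource-group scope, as candidates for review; the sample data, the review rule and the function names are assumptions made for the example.

```python
import re

# Constructed sample shaped like `az role assignment list --all -o json`;
# every principal name, GUID and scope below is made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = [
    {"principalName": "sp-a", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "sp-b", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-web"},
    {"principalName": "sp-c", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-web"},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
]

PRIVILEGED = {"owner", "contributor", "user access administrator"}
BROAD = {"root", "management-group", "subscription"}

def scope_level(scope):
    """Classify an ARM scope string by how much of the tenant it covers."""
    s = scope.lower().rstrip("/")
    if s == "":
        return "root"
    if s.startswith("/providers/microsoft.management/managementgroups/"):
        return "management-group"
    if re.fullmatch(r"/subscriptions/[^/]+", s):
        return "subscription"
    if re.fullmatch(r"/subscriptions/[^/]+/resourcegroups/[^/]+", s):
        return "resource-group"
    return "resource"

def audit(assignments):
    """Return (principal, role, level) for service principals to review."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal":
            continue
        role, level = a.get("roleDefinitionName", ""), scope_level(a.get("scope", ""))
        # Owner can change role assignments at any scope; other privileged
        # roles are flagged only above resource-group scope.
        if role.lower() == "owner" or (role.lower() in PRIVILEGED and level in BROAD):
            findings.append((a.get("principalName") or a.get("principalId"), role, level))
    return findings

if __name__ == "__main__":
    for who, role, level in audit(SAMPLE):
        print(f"REVIEW {who}: {role} at {level} scope")
```

To run it against a real subscription, replace `SAMPLE` with the parsed JSON output of `az role assignment list --all -o json`.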
